On Mon, 9 Feb 2009 19:42:03 +0000 unknown <[email protected]> wrote:
> https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy :
>
> [quote]
>
> 2.1. Transparently anonymizing traffic for a specific user
>
> [code]
> iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner anonymous -m tcp --syn -j REDIRECT --to-ports 9040
>
> iptables -t nat -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
>
> iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DROP
> [/code]
>
> [/quote]
>
> But the last iptables rule will not work anymore.
>
> Iptables warning:
>
> [quote]
> The "nat" table is not intended for filtering, hence the use of DROP is
> deprecated and will permanently be disabled in the next iptables release.
> Please adjust your scripts.
> [/quote]
>
> What's a better iptables rule for a *specific* user?
>
Is it right, instead of DROP, to change the destination of all packets, for all ports and protocols, from the specific user to localhost, to block what Tor or Privoxy can't accept?

iptables -t nat -A OUTPUT -m owner --uid-owner anonymous -j DNAT --to-destination 127.0.0.1
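
The warning quoted above says filtering does not belong in the nat table. As an added example (not part of the original thread or the wiki page), this script keeps the REDIRECT rules in nat and moves the per-user block to the filter table, with a small lint that flags a DROP left in nat. It assumes Tor listens on 127.0.0.1 with TransPort 9040 and DNSPort 53; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread or the Tor wiki.
# Assumption: Tor listens on 127.0.0.1 with TransPort 9040 and DNSPort 53
# (the ports used in the quoted rules).

# The quoted rule set in iptables-restore form: the final DROP sits in the
# nat table, which is what triggers the deprecation warning.
legacy_ruleset() {
    user=$1
    cat <<EOF
*nat
-A OUTPUT -p tcp -m owner --uid-owner $user -m tcp --syn -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner $user -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -m owner --uid-owner $user -j DROP
COMMIT
EOF
}

# Same redirects, with the block moved to the filter table. filter/OUTPUT is
# traversed after nat/OUTPUT, so redirected packets already carry the local
# destination and only those are accepted; everything else from the user drops.
split_ruleset() {
    user=$1
    cat <<EOF
*nat
-A OUTPUT -p tcp -m owner --uid-owner $user -m tcp --syn -j REDIRECT --to-ports 9040
-A OUTPUT -p udp -m owner --uid-owner $user -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
*filter
-A OUTPUT -d 127.0.0.1 -p tcp -m owner --uid-owner $user -m tcp --dport 9040 -j ACCEPT
-A OUTPUT -d 127.0.0.1 -p udp -m owner --uid-owner $user -m udp --dport 53 -j ACCEPT
-A OUTPUT -m owner --uid-owner $user -j DROP
COMMIT
EOF
}

# Lint a ruleset on stdin: exit 0 if the nat table contains a DROP target.
nat_has_filtering() {
    awk '/^\*/ { table = $1 }
         table == "*nat" && /-j DROP/ { found = 1 }
         END { exit !found }'
}

# Print the ruleset when called with a user name (nothing is applied).
if [ -n "${1:-}" ]; then split_ruleset "$1"; fi
```

To load the result, pipe it to `iptables-restore --noflush` as root; without `--noflush` the existing rules in both tables are flushed first.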

